It’s that magical time of year again! A time for friendship, feasts and festivities. I’m talking, of course, about ConfigMas! That special occasion when Adaptiva delivers a holiday ConfigMgr roundup for all to enjoy. As we prepare to greet the new year, we’ve compiled some of the best advice from MVPs and leading industry experts into the 12 Tips of ConfigMas.
If you prefer to hear the 12 tips in a song, please enjoy this rousing rendition from the ConfigMas Carolers.
1. Use the SCCM Office 365 Wizard to Create Your Office 2019 Install
Prajwal Desai @PrajwalDesai
With Office 2019 utilizing click-to-run technology, MSI technology is no longer used. Instead, Microsoft lets you create your Office 2019 install via the Office 365 installer wizard in the ConfigMgr console. To get the best from this installer use ConfigMgr 1806 onward.
Prajwal takes you through an informative step-by-step on how to do this in his blog post.
2. Upgrade to Current Branch with the Latest Baseline
Niall Brady @ncbrady
If you are still on ConfigMgr 2012, then it’s time you looked at upgrading to ConfigMgr Current Branch. You’ll get the latest and greatest features, continued support for Windows 10, and the chance to take advantage of all the latest cool cloud management roles.
Eight-time Enterprise Mobility MVP Niall Brady explains what baseline releases are and where you can get them.
3. Move Your ContentLib to a Remote Location
Peter van der Woude @pvanderwoude
Start to plan ConfigMgr high availability, or just free up some space on a cramped CM site server, by moving your ContentLib folder to a remote share location. Using this for HA purposes will ensure that the ContentLib is still available should your active site server go offline.
Peter van der Woude takes you through the flow of the process to shift that data to another location.
4. Sort Your WSUS out
Johan Arwidmark @jarwidmark
WSUS, please go away! One day ConfigMgr will not rely on this much-maligned solution, but until then we live with it. We embrace it as much as we can. Earlier this year, WSUS was a big problem for businesses with severe traffic being generated across estate on port 8530 and huge amounts of data being downloaded by devices. ConfigMgr admins took to the Internet to share stories and collaborate on how they had tackled their issue or put up with it.
Johan’s blog takes the approach of collating some of that information from various sources. So this meta-blog has become the go-to blog for WSUS maintenance and troubleshooting.
5. Embrace ADR’s for Patching
Bryan Dam @bdam555
Automatic Deployment Rules (ADR) can be used in ConfigMgr to automate your patching process and take away some of that monthly admin overhead. Use them wisely and configure them in a way that works for your environment.
ConfigMgr expert Bryan Dam’s notes from the field are the perfect starting point for ADRs. Bryan doesn’t tell you how to set them up. Instead, he gives you food for thought on the options you should consider when implementing.
6. Reduce Your Attack Surface with Defender Application Control
Paul Winstanley @sccmentor
Restrict application execution within your environment to only trusted apps with Windows Defender Application Control. The complexity behind its implementation is reduced significantly with ConfigMgr and Intune’s managed installers, which automatically authorize the apps deployed by these management tools.
In this blog post, Paul explains what WDAC is. Then he runs through the methods to implement it via both CongfigMgr and Intune.
7. Think about High Availability
Robert Marshall @robmvp
High availability of the ConfigMgr site server has been a much-requested, long-awaited feature. The feature is slowly being drip fed into ConfigMgr. Its power and flexibility are developed and improved upon with each release. In addition to doing the job of keeping the site up and running, this feature could be used to move site servers from one server OS to another. With the passive system containing the updated OS, you remove the restriction of not being able to change the hostname of the site server.
Ten-time Enterprise Mobility MVP Robert Marshall’s extremely detailed blog highlights the technical requirements to spin up a passive site server when the active goes offline.
8. Build Your CM Lab in Azure
Dan Padgett @danjpadgett
New to ConfigMgr and need some assistance in getting your site built or just want to crank up an Azure lab nice and fast? The blog post includes links to the free Azure sign-up, where you can get $200 of Azure credit for 30 days and a handy calculator that will give you an idea of any ongoing costs.
ConfigMgr consultant Dan Padgett runs through the step-buy-step process to get the site up and running so you can play and learn.
9. Learn the True Facts about SUP in CM
Jason Sandys @JasonSandys
Demystify the myths and misconceptions around the ConfigMgr Software Update Point role.
- Where are the EULA’s stored?
- Does the SUP distribute content?
- Is WSUS needed on the SUP server?
- Does anyone out there like WSUS?
Super MVP Jason Sandys’ myth buster blog is the place to find the answer to the above questions and more.
10. Understand Application Install Workflow
Dawn Wertz @wertzdm3
As they say, a picture is worth 1,000 words, and the workflow diagram presented at the configgirl blog does just that. It breaks down troubleshooting ConfigMgr application installation into series of steps relating to which log to refer to at which time in the process. The analysis goes deeper with references to the log file events with an example installation of 7-Zip. Fail to bookmark this page at your peril.
Dawn Wertz’s expert analysis can be found here.
11. Patch Third-Party Updates
Nick Hogarth @nick_hogarth
The Adaptiva Managing Windows 10 Security Features with ConfigMgr report https://t.co/y82fa8jjK8 overviewed the new third-party features introduced with ConfigMgr 1806. This feature imports software catalogs and publishes update information to a configured WSUS server. ConfigMgr then synchronizes the updates into the site server database and makes the updates available to endpoints via the SUP role.
Enterprise and Mobility MVP Nick Hogarth’s guide shows you how to enable the feature on your SUP and how to get things flowing in your environment.
12. Remove Built-In Apps for Windows 10 1809
Nickolaj Anderson @NickolajA
With another major release of Windows 10 comes another reason to update your remove built in apps script. Some new apps have been added to the mix, so you may wish to consider removing some or all of these during your OSD deployment.
The new apps are:
SCConfigMgr MVP Nickolaj Anderson’s handy script assists you with that very task. Grab a copy of the script and learn how to use it here.